CVE-2017-3870: Improper Restriction of Operations within the Bounds of a Memory Buffer in Cisco Web Security Appliance

Severity
5.8 MEDIUM (NVD)
EPSS
0.3%
top 51.28%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Mar 17
Latest update: May 17

Description

A vulnerability in the URL filtering feature of Cisco AsyncOS Software for Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to bypass a configured URL filter rule. Affected Products: This vulnerability affects all releases prior to the first fixed release of Cisco AsyncOS Software for Cisco Web Security Appliance (WSA), both virtual and hardware appliances, that are configured with URL filters for email scanning. More Information: CSCvc69700. Known Affected Rele

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N
Exploitability: 3.9 | Impact: 1.4

Affected Packages: 2 packages

NVD: cisco/web_security_appliance (8.5.3-069, 9.1.1-074, 9.1.2-010 +2)
CVEListV5: cisco/cisco_web_security_appliance (Cisco Web Security Appliance)

🔴 Vulnerability Details (2)

GHSA
GHSA-cx22-cj62-6f44: A vulnerability in the URL filtering feature of Cisco AsyncOS Software for Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote a (2022-05-17)
CVEList
CVE-2017-3870: A vulnerability in the URL filtering feature of Cisco AsyncOS Software for Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote a (2017-03-17)

📋 Vendor Advisories (1)

Cisco
Cisco Web Security Appliance URL Filtering Bypass Vulnerability (2017-03-15)